tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] HTTPS/TLS CA certificates in base

With the certctl patch on the table, I think it will be possible for
anybody who wants to

  install mozilla-rootcerts
  change certctl.conf to point to it

and get what abs@ wants for updates (which is different that everybody
getting it by default).

I am now in the "this is not really different from any other serious
vulnerability in case" camp.

I have long believed that installing any particular release and leaving
it indefinitely is not reasonable.  My own practice is to run the
netbsd-N stable branch and routinely update along the branch every 2
months, which means I am never far out of date and also in a position to
update/build/rsync/update quickly when fixes for serious CVEs appear on
the branch.  So it's the same timeline as updating pkgsrc (update,
pkg_rr, create summary, sync, pkgin) with different steps.

Home | Main Index | Thread Index | Old Index